VYPR

DevOps Deploy

by HCL Software

CVEs (13)

  • CVE-2025-0255HigMar 24, 2025
    risk 0.47cvss 7.2epss 0.01

    HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.

  • CVE-2025-0257MedApr 2, 2025
    risk 0.41cvss 6.3epss 0.00

    HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.

  • CVE-2024-23558MedApr 15, 2024
    risk 0.41cvss 6.3epss 0.00

    HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

  • CVE-2024-23550MedFeb 3, 2024
    risk 0.40cvss 6.2epss 0.00

    HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.

  • CVE-2025-62330MedDec 16, 2025
    risk 0.38cvss 5.9epss 0.00

    HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related…

  • CVE-2025-0273MedMar 27, 2025
    risk 0.36cvss 5.5epss 0.00

    HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.

  • CVE-2025-0272MedApr 3, 2025
    risk 0.35cvss 5.4epss 0.00

    HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

  • CVE-2025-62329MedDec 16, 2025
    risk 0.33cvss 5.0epss 0.00

    HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.

  • CVE-2025-62327MedJan 7, 2026
    risk 0.32cvss 4.9epss 0.00

    In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.

  • CVE-2024-23560MedApr 15, 2024
    risk 0.29cvss 4.4epss 0.00

    HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.

  • CVE-2025-0256MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.

  • CVE-2024-23561MedApr 15, 2024
    risk 0.28cvss 4.3epss 0.00

    HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.

  • CVE-2024-42195LowDec 5, 2024
    risk 0.20cvss 3.1epss 0.00

    HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.